FreeBSD Local Security Checks : FreeBSD Security Advisory (FreeBSD-SA-05:11.gzip.asc)

Búsqueda de Vulnerabilidad		Buscar 219043 Descripciones CVE y 99761 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.53016

Categoría: FreeBSD Local Security Checks

Título: FreeBSD Security Advisory (FreeBSD-SA-05:11.gzip.asc)

Resumen: NOSUMMARY

Descripción: Description:
The remote host is missing an update to the system
as announced in the referenced advisory FreeBSD-SA-05:11.gzip.asc

gzip is a file compression utility.

Two problems related to extraction of files exist in gzip:

The first problem is that gzip does not properly sanitize filenames
containing / when uncompressing files using the -N command line
option.

The second problem is that gzip does not set permissions on newly
extracted files until after the file has been created and the file
descriptor has been closed.

Solution:
Upgrade your system to the appropriate stable release
or security branch dated after the correction date

http://www.securityspace.com/smysecure/catid.html?in=FreeBSD-SA-05:11.gzip.asc

CVSS Score:
3.7

CVSS Vector:
AV:L/AC:H/Au:N/C:P/I:P/A:P

Referencia Cruzada: BugTraq ID: 12996
Common Vulnerability Exposure (CVE) ID: CVE-2005-0988
http://lists.apple.com/archives/security-announce/2006//Aug/msg00000.html
http://www.securityfocus.com/bid/12996
BugTraq ID: 19289
http://www.securityfocus.com/bid/19289
Bugtraq: 20050404 gzip TOCTOU file-permissions vulnerability (Google Search)
http://www.securityfocus.com/archive/1/394965
Cert/CC Advisory: TA06-214A
http://www.us-cert.gov/cas/techalerts/TA06-214A.html
Debian Security Information: DSA-752 (Google Search)
http://www.debian.org/security/2005/dsa-752
http://www.osvdb.org/15487
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10242
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1169
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A765
RedHat Security Advisories: RHSA-2005:357
http://rhn.redhat.com/errata/RHSA-2005-357.html
SCO Security Bulletin: SCOSA-2005.58
ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2005.58/SCOSA-2005.58.txt
http://secunia.com/advisories/18100
http://secunia.com/advisories/21253
http://secunia.com/advisories/22033
http://slackware.com/security/viewer.php?l=slackware-security&y=2006&m=slackware-security.555852
http://sunsolve.sun.com/search/document.do?assetkey=1-26-101816-1
http://www.vupen.com/english/advisories/2006/3101

Copyright Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com

Esta es sólo una de 99761 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.53016
Categoría:	FreeBSD Local Security Checks
Título:	FreeBSD Security Advisory (FreeBSD-SA-05:11.gzip.asc)
Resumen:	NOSUMMARY
Descripción:	Description: The remote host is missing an update to the system as announced in the referenced advisory FreeBSD-SA-05:11.gzip.asc gzip is a file compression utility. Two problems related to extraction of files exist in gzip: The first problem is that gzip does not properly sanitize filenames containing / when uncompressing files using the -N command line option. The second problem is that gzip does not set permissions on newly extracted files until after the file has been created and the file descriptor has been closed. Solution: Upgrade your system to the appropriate stable release or security branch dated after the correction date http://www.securityspace.com/smysecure/catid.html?in=FreeBSD-SA-05:11.gzip.asc CVSS Score: 3.7 CVSS Vector: AV:L/AC:H/Au:N/C:P/I:P/A:P
Referencia Cruzada:	BugTraq ID: 12996 Common Vulnerability Exposure (CVE) ID: CVE-2005-0988 http://lists.apple.com/archives/security-announce/2006//Aug/msg00000.html http://www.securityfocus.com/bid/12996 BugTraq ID: 19289 http://www.securityfocus.com/bid/19289 Bugtraq: 20050404 gzip TOCTOU file-permissions vulnerability (Google Search) http://www.securityfocus.com/archive/1/394965 Cert/CC Advisory: TA06-214A http://www.us-cert.gov/cas/techalerts/TA06-214A.html Debian Security Information: DSA-752 (Google Search) http://www.debian.org/security/2005/dsa-752 http://www.osvdb.org/15487 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10242 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1169 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A765 RedHat Security Advisories: RHSA-2005:357 http://rhn.redhat.com/errata/RHSA-2005-357.html SCO Security Bulletin: SCOSA-2005.58 ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2005.58/SCOSA-2005.58.txt http://secunia.com/advisories/18100 http://secunia.com/advisories/21253 http://secunia.com/advisories/22033 http://slackware.com/security/viewer.php?l=slackware-security&y=2006&m=slackware-security.555852 http://sunsolve.sun.com/search/document.do?assetkey=1-26-101816-1 http://www.vupen.com/english/advisories/2006/3101
Copyright	Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com